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IN THE CLAIMS: 

1.-5. (Cancelled) 



1 6. (Currently Amended) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 storing external configuration information of a selected virtual server of the plu- 

8 rality of virtual servers in a global repository maintained on a disk of the server, the ex- 

9 ternal configuration information describing external resources assigned to a virtual server 

10 of the plurality of virtual servers, the external resources including the units of storage and 
n the network addresses; 

12 storing internal configuration information of the selected virtual server of the plu- 

13 rality of virtual servers in a private repository, the private repository stored in the one or 

14 more units of storage assigned to the virtual server, the internal configuration information 

15 used to control operation of the selected virtual server; 

16 enabling controlled access to the resources using logical boundary checks and se- 
n curity interpretations of those resources within the server by comparing configuration in- 

18 formation of a unit of storage requested by a particular virtual server vserver with the re- 

19 sources allocated to that particular virtual server vserver ; and 

20 providing a virtual server context structure including information pertaining to a 

21 security domain of the virtual serve r, the virtual server context structure stored in the in- 

22 ternal configuration information . 
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1 7. (Previously Presented) The method of Claim 6 wherein the step of allocating 

2 comprises the step of providing a vfstore list of the virtual server context structure, the 

3 vstore list comprising pointers to vfstore soft objects, each having a pointer that refer- 

4 ences a path to a unit of storage allocated to the virtual server. 

1 8. (Previously Presented) The method of Claim 7 wherein the step of allocating fur- 

2 ther comprises the step of providing a vfnet list of the virtual server context structure, the 

3 vfnet list comprising pointers to vfnet soft objects, each having a pointer that references 

4 an interface address data structure representing a network address assigned to the virtual 

5 server. 

1 9. (Previously Presented) The method of Claim 8 wherein the step of enabling fur- 

2 ther comprises the step of performing a virtual server boundary check to verify that a vir- 

3 tual server is allowed to access certain storage resources of the filer. 

1 10. (Original) The method of Claim 9 wherein the step of performing comprises the 

2 step of validating a file system identifier and qtree identifier associated with the units of 

3 storage. 

1 11. (Previously Presented) The method of Claim 10 wherein the step of performing 

2 further comprises the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the virtual server is authorized to access the unit of storage; 

5 if the virtual server is not authorized to access the requested unit of storage, im- 

6 mediately denying the request; 

7 otherwise, allowing the request; and 
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8 generating file system operations to process the request. 

1 12. (Cancelled) 

1 13. (Currently Amended) A system adapted to create and maintain a plurality of vir 

2 tual servers within a server, the system comprising: 

3 a storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the a plurality of virtual servers 

5 (vservers) ; 

6 one or more network interfaces assigned one or more network address resources, 

7 the network address resources allocated among each of the virtual servers; 

8 an operating system having a file system resource adapted to perform a boundary 

9 check to verify that a request is allowed to access to certain units of storage resources on 

10 the storage media, each virtual server allowed shared access to the file system, where the 
n boundary check is performed by comparing configuration information of a unit of storage 

12 requested by a particular vserver with the one or more units of storage resources and the 

13 one or more network address resources allocated to that particular vserver; 

14 a context data structure provided to each virtual server, the context data structure 

15 including information pertaining to a security domain of the virtual server that enforces 

16 controlled access to the allocated and shared resources; and 

n external configuration information of a selected vserver of the plurality of 

is vservers stored in a global repository maintained on a disk of the server, the external con- 

19 figuration information describing external resources assigned to a vserver of the plurality 

20 of vservers, the external configuration information including the network addresses allo- 

21 cated among the each of the vservers; 
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22 internal configuration information of the selected virtual server of the plurality of 

23 virtual servers stored in a private repository, the private repository stored in the one or 

24 more units of storage assigned to the vserver, the internal configuration information used 

25 to control operation of the selected vserver, the context data structure stored in the inter- 

26 nal configuration information; and 

27 a processing element coupled to the network interfaces and storage media, and 

28 configured to execute the operating and file systems to thereby invoke network and stor- 

29 age access operations in accordance with results of the boundary check of the file system. 

1 14. (Original) The system of Claim 13 wherein the units of storage resources are vol- 

2 umes and qtrees. 

1 15. (Original) The system of Claim 14 further comprising a plurality of table data 

2 structures accessed by the processing element to implement the boundary check, the table 

3 data structures including a first table having a plurality of first entries, each associated 

4 with a virtual server and accessed by a file system identifier (fsid) functioning as a first 

5 key into the table, each first entry of the first table denoting a virtual server that com- 

6 pletely owns a volume identified by the fsid. 

1 16. (Original) The system of Claim 15 wherein the table data structures further in- 

2 elude a second table having a plurality of second entries, each associated with a virtual 

3 server and accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), 

4 each second entry of the second table denoting a virtual server that completely owns a 

5 qtree identified by the fsid and qtreeid. 

1 17. (Original) The system of Claim 16 wherein the server is a filer and wherein the 

2 virtual servers are virtual filers. 
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1 18.-19. (Cancelled) 

1 20. (Currently Amended) A Apparatus adapted to create and maintain a plurality of 

2 virtual servers (vservers) within a server, the apparatus comprising: 

3 means for allocating dedicated resources of the server to each virtual server 

4 (vserver) of a plurality of vservers executing on the server vserver- ; 

5 means for sharing common resources of the server among all of the vservers; 

7 means for enabling controlled access to the dedicated and shared resources using 

8 logical boundary checks and security interpretations of those resources within the server 

9 and for providing a vserver context structure including information pertaining to a secu- 

10 rity domain of the vserver, where the logical boundary checks are performed by compar- 
n ing configuration information of a unit of storage requested by a particular vserver with 

12 the dedicated resources allocated to that particular vserver; 

13 external configuration information of a selected vserver of the plurality of 

14 vservers stored in a global repository maintained on a disk of the server, the external con- 

15 figuration information describing external resources assigned to a vserver of the plurality 

16 of vservers, the external resources including the means for allocating the dedicated re- 
n sources; and 

is internal configuration information of the selected vserver of the plurality of 

19 vservers stored in a private repository, the private repository stored in the one or more 

20 units of storage assigned to the vserver, the internal configuration information used to 

21 control operation of the selected vserver, the internal configuration information including 

22 the vserver context structure . 

l 21.-22. (Cancelled) 
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1 23. (Currently Amended) A computer readable medium containing executable pro- 

2 gram instructions for creating and maintaining a plurality of virtual servers (vservers) 

3 within a server filer, the executable program instructions comprising program instructions 

4 for: 

5 allocating dedicated resources of the server to each vserver; 

6 sharing common resources of the server among all of the vservers; 

7 enabling access to the dedicated and shared resources using logical boundary 

8 checks and security interpretations of those resources within the server and providing a 

9 vserver context structure including information pertaining to a security domain of the 

10 vserver, where the logical boundary checks are performed by comparing configuration 
n information of a unit of storage requested by a particular vserver with the dedicated re- 
12 sources allocated to that particular vserver; 



13 storing external configuration information of a selected vserver of the plurality of 

14 vservers in a global repository maintained on a disk of the server, the external configura- 

15 tion information describing external resources assigned to a vserver of the plurality of 

16 vservers, the external resources including allocation of the dedicated resources; and 

n storing internal configuration information of the selected vserver of the plurality 

is of vservers in a private repository, the private repository stored in the one or more units 

19 of storage assigned to the vserver, the internal configuration information used to control 

20 operation of the selected vserver, the internal configuration information including the 

21 configuration information of a unit of storage . 

l 24.-25. (Cancelled) 

1 26. (Currently Amended) A method for creating and maintaining a plurality of virtual 

2 servers (vserver) within a server, the method comprising the steps of : 
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3 allocating resources to each instance of the virtual servers of the plurality of serv- 

4 ers, the resources including units of storage and network addresses of network interfaces 

5 of the server to each instance of the virtual server; 

6 using boundary checks to access resources allocated to the virtual servers, where a 

7 particular virtual server is limited by the boundary check to only access the resources as- 

8 signed to that particular virtual server, where the logical boundary checks are performed 

9 by comparing configuration information of a unit of storage requested by a particular 

10 vserver with the resources allocated to that particular vserver; 

n storing external configuration information of a selected virtual server of the plu- 

12 rality of virtual servers in a global repository maintained on a disk of the server, the ex- 

13 ternal configuration information describing external resources assigned to a virtual server 

14 of the plurality of virtual servers, the external resources including the network addresses; 

15 and 

16 storing internal configuration information of the selected virtual server of the plu- 
n rality of virtual servers in a private repository, the private repository stored in the one or 
is more units of storage assigned to the virtual server, the internal configuration information 

19 used to control operation of the selected virtual server, the internal configuration informa- 

20 tion including configuration information of a unit of storage . 

1 27. (Currently Amended) A An apparatus adapted to create and maintain a plurality 

2 of virtual servers within a server, comprising: 

3 means for allocating resources to each instance of the a virtual server servers of 

4 the a plurality of virtual servers executing on the server , the resources including units of 

5 storage and network addresses of network interfaces of the server to each instance of the 

6 virtual server; 

7 means for using boundary checks to access resources allocated to the virtual serv- 

8 ers, where a particular virtual server is limited by the boundary check to only access the 
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9 resources assigned to that particular virtual server, where the logical boundary checks are 

10 performed by comparing configuration information of a unit of storage requested by a 
n particular vserver with the resources allocated to that particular vserver; 

12 means for storing external configuration information of a selected virtual server of 

13 the plurality of virtual servers in a global repository maintained on a disk of the server, 

14 the external configuration information describing external resources assigned to a virtual 

15 server of the plurality of virtual servers, the external resources including the network ad- 

16 dresses; and 

n means for storing internal configuration information of the selected virtual server 

is of the plurality of virtual servers in a private repository, the private repository stored in 

19 the one or more units of storage assigned to the virtual server, the internal configuration 

20 information used to control operation of the selected virtual server, the internal configura- 

21 tion information including configuration information of a unit of storage . 

1 28. (Currently Amended) A system adapted to create and maintain a plurality of vir 

2 tual servers within a server, the system comprising: 

3 a storage media configured to allocate resources to each of the virtual server serv 

4 ers of a the plurality of virtual servers executing on the server , the resources including 

5 units of storage and network addresses of network interfaces of the server to each in- 

6 stance of the virtual server network interfaces assigned one or more network address re- 

7 sources, the network address resources allocated among each of the virtual servers; 

8 an operating system adapted to perform a boundary check to verify access to re- 

9 sources allocated to the virtual servers, where a particular virtual server is limited by the 

10 boundary check to only access the resources assigned to that particular virtual server, 

n where the logical boundary checks are performed by comparing configuration informa- 

12 tion of a unit of storage requested by a particular vserver with the resources allocated to 

13 that particular vserver; 
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external configuration information of a selected virtual server of the plurality of 
virtual servers stored in a global repository maintained on a disk of the server, the exter- 
nal configuration information describing external resources assigned to a virtual server of 
the plurality of virtual servers, the configuration information including the units of stor- 
age; and 

internal configuration information of the selected virtual server of the plurality of 

virtual servers stored in a private repository, the private repository stored in the one or 
more units of storage assigned to the virtual server, the internal configuration information 
used to control operation of the selected virtual server, the internal configuration informa- 
tion including the configuration information of a unit of storage. 

29. (Currently Amended) A method for creating and maintaining one or more virtual 
servers within a server, comprising: 

allocating resources to a first virtual server of the one or more virtual servers, 
where the resources include one or more units of storage and at least one network address 
of one or more network interfaces of the server to a first virtual server of the one or more 
virtual servers; 

requesting a first unit of storage of the one or more units of storage by a first vir- 
tual server; and 

using a boundary check to access the first unit of storage by comparing configura- 
tion information of the first unit of storage with resources allocated to the first virtual 
server; 

storing external configuration information of a selected virtual server of the plu- 
rality of virtual servers in a global repository maintained on a disk of the server, the ex- 
ternal configuration information describing external resources assigned to a virtual server 
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15 of the plurality of virtual servers, the external configuration information including the one 

16 or more units of storage and at least one network address; and 

n storing internal configuration information of the selected virtual server of the plu- 

18 rality of virtual servers in a private repository, the private repository stored in the one or 

19 more units of storage assigned to the virtual server, the internal configuration information 

20 used to control operation of the selected virtual server, the internal configuration informa- 

21 tion including the configuration information. 

1 30. (Previously Presented) The method of claim 29, wherein the configuration infor- 

2 mation is an inode from a requested file. 

Please add new claims 31, et seq. as follows: 

1 31. (New) A method for maintaining a plurality of virtual servers on a server, com- 

2 prising: 

3 storing external configuration information of a selected virtual server of the plu- 

4 rality of virtual servers in a global repository maintained on a disk of the server, the ex- 

5 ternal configuration information describing external resources assigned to a virtual server 

6 of the plurality of virtual servers; 

7 storing internal configuration information of the selected virtual server of the plu- 

8 rality of virtual servers in a private repository, the private repository stored in the one or 

9 more units of storage assigned to the virtual server, the internal configuration information 

10 used to control operation of the selected virtual server; and 

n maintaining security domain information in the internal configuration informa- 

12 tion. 

l 32. (New) The method of claim 31, further comprising: 
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storing the global repository in a root node of the server. 

33. (New) The method of claim 31, further comprising: 

including in the external configuration information one or more IP addresses. 

34. (New) The method of claim 31, further comprising: 

including in the external configuration information identification of one or more 
units of storage. 

35. (New) The method of claim 31, further comprising: 

including in the external configuration information a volume identification to 
identify a file system executing the selected virtual server. 

36. (New) The method of claim 31, further comprising: 

including in the external configuration information protocols allowed to run on 
the selected virtual server. 

37. (New) The method of claim 31, further comprising: 

including the internal configuration information in a virtual server context data 
structure stored in storage space assigned to the virtual server. 

38. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with hardware assigned to the virtual server in the global repository. 

39. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with an IP address assigned to the virtual server in the global repository. 
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40. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a unit of storage assigned to the virtual server in the global repository. 

41. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a protocol assigned to the virtual server in the global repository. 

42. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a security domain assigned to the virtual server in the global repository. 

43. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a security data base holding security information assigned to the virtual server. 

44. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with storage units which the virtual server is permitted to access to enable the virtual 
server to perform boundary checks when accessing storage blocks. 

45. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a file system identification (fsid) table, the fsid serving as an index into the 
fsid table to an entry indicating whether or not the virtual server completely owns a unit 
of storage, and in the event that the entry in the fsid table indicates that the virtual server 
does completely own the unit of storage, permitting the virtual server access to the unit of 
storage. 
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46. (New) The method of claim 31, further comprising: 

including in the internal configuration information a pointer to software associ- 
ated with a file system identification (fsid) table, the fsid serving as an index into the 
fsid table to an entry indicating whether or not the virtual server completely owns a unit 
of storage, and in the event that the entry in the fsid table indicates that a different virtual 
server does completely own the unit of storage, denying the virtual server access to the 
unit of storage. 

47. (New) The method of claim 46, further comprising: 

in the event that the virtual server does not completely own the unit of storage and 
in the event that no different virtual server completely owns the unit of storage, entering a 
qtree table using a qtree to the unit of storage to determine if the virtual server owns the 
qtree to the unit of storage, and if the virtual server does own the qtree to the unit of stor- 
age, providing access by the virtual server to the unit of storage. 

48. (New) The method of claim 31, further comprising: 

receiving an authentication request, the authentication request requiring contact- 
ing an external server; and 

reading from the internal configuration information a process identification (PID) 
that enables an operating system to send an authentication request to the correct authenti- 
cation process. 

49. (New) A server, comprising: 

a plurality of virtual servers executing on the server; 

external configuration information of a selected virtual server of the plurality of 
virtual servers stored in a global repository maintained on a disk of the server, the exter- 
nal configuration information describing external resources assigned to a virtual server of 
the plurality of virtual servers; 
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internal configuration information of the selected virtual server of the plurality of 
virtual servers stored in a private repository, the private repository stored in the one or 
more units of storage assigned to the virtual server, the internal configuration information 
used to control operation of the selected virtual server; and 

security domain information maintained in the internal configuration information. 

50. (New) The method of claim 49, further comprising: 

an operating system to store the global repository in a root node of the server. 

51. (New) The method of claim 49, further comprising: 

an operating system to store in the external configuration information one or more 
IP addresses. 

52. (New) The method of claim 49, further comprising: 

an operating system to include in the external configuration information identifi- 
cation of one or more units of storage. 

53. (New) The method of claim 49, further comprising: 

an operating system to include in the external configuration information a volume 
identification to identify a file system executing the selected virtual server. 

54. (New) The method of claim 49, further comprising: 

an operating system to include in the external configuration information protocols 
allowed to run on the selected virtual server. 

55. (New) The method of claim 49, further comprising: 

an operating system to include the internal configuration information in a virtual 
server context data structure stored in storage space assigned to the virtual server. 
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56. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with hardware assigned to the virtual server in the global reposi- 
tory. 

57. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with an IP address assigned to the virtual server in the global re- 
pository. 

58. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a unit of storage assigned to the virtual server in the global 
repository. 

59. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a protocol assigned to the virtual server in the global reposi- 
tory. 

60. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a security domain assigned to the virtual server in the global 
repository. 

61. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a security data base holding security information assigned to 
the virtual server. 



16 



PATENTS 
112056-0022 
P01-1047 



62. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with storage units which the virtual server is permitted to access to 
enable the virtual server to perform boundary checks when accessing storage blocks. 

63. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a file system identification (fsid) table, the fsid serving as an 
index into the fsid table to an entry indicating whether or not the virtual server com- 
pletely owns a unit of storage, and in the event that the entry in the fsid table indicates 
that the virtual server does completely own the unit of storage, permitting the virtual 
server access to the unit of storage. 

64. (New) The method of claim 49, further comprising: 

an operating system to include in the internal configuration information a pointer 
to software associated with a file system identification (fsid) table, the fsid serving as an 
index into the fsid table to an entry indicating whether or not the virtual server com- 
pletely owns a unit of storage, and in the event that the entry in the fsid table indicates 
that a different virtual server does completely own the unit of storage, the operating sys- 
tem to deny the virtual server access to the unit of storage. 

65. (New) The method of claim 64, further comprising: 

in the event that the virtual server does not completely own the unit of storage and 
in the event that no different virtual server completely owns the unit of storage, the oper- 
ating system to enter a qtree table using a qtree to the unit of storage to determine if the 
virtual server owns the qtree to the unit of storage, and if the virtual server does own the 
qtree to the unit of storage, the operating system to provide access by the virtual server to 
the unit of storage. 
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66. (New) The method of claim 49, further comprising: 

an operating system to receive an authentication request, the authentication re- 
quest requiring contacting an external server; and 

the operating system to read from the internal configuration information a process 
identification (PID) that enables an operating system to send an authentication request to 
the correct authentication process. 

67. (New) A computer readable media, comprising: 

said computer readable media containing instructions for execution on a processor 
for the practice of a method of maintaining a plurality of virtual servers on a server, the 
method having the steps of, 

storing external configuration information of a selected virtual server of the plu- 
rality of virtual servers in a global repository maintained on a disk of the server, the ex- 
ternal configuration information describing external resources assigned to a virtual server 
of the plurality of virtual servers; 

storing internal configuration information of the selected virtual server of the plu- 
rality of virtual servers in a private repository, the private repository stored in the one or 
more units of storage assigned to the virtual server, the internal configuration information 
used to control operation of the selected virtual server; and 

maintaining security domain information in the internal configuration informa- 
tion. 
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